8.6.2 Value of Orchestration Management in a vCloud
Orchestration abilities contribute greatly to making a vCloud dynamic and to vCloud agility, elasticity, and self-healing properties.
Along with the benefits, elasticity also raises some risks. A successful vCloud implementation must focus on delivering consistent quality of services. Orchestration Management adds the layer of control required to achieve consistency in a vCloud. Control also includes the ability to protect and secure the vCloud. Unwarranted actions in a vCloud cannot be tolerated, so orchestration workflows and actions must be tightly controlled.
The following sections provide information about how to control orchestration in a vCloud. Orchestration is a relatively new feature, and as organizations mature in their management of vCloud environments, the role of orchestration management becomes more and more important.
8.6.2.1. Orchestration Workflow Creation Control in a vCloud
Before implementing orchestration workflows in a vCloud environment, answer the following questions:
* Who approved the orchestration workflow?
* Why is it needed?
* What impact does the orchestration workflow have on the vCloud environment?
* Who needs to be informed when the workflow is executed?
Answer these questions for all orchestration workflows that are built into the vCloud. VMware recommends that the following teams be involved during development of orchestration workflows:
* The Orchestration Management team focuses on business requirements gathering and business unit negotiations.
* The COE team focuses on technical development of workflows to provide for the implementation of consistent standards across all orchestration workflows in the organization.
Development of orchestration workflows is complex. Orchestration engages with multiple internal and external systems in a vCloud environment, so a complete development lifecycle must be followed with dedicated support from the application and business teams.
Appropriate testing should be completed at every stage of development, including unit, system, and integration testing before moving orchestration workflows into production. As part of development testing, operational testing that includes performance and scalability scenarios for end-to-end automation processes must also be completed. In many cases, orchestration workflows themselves may be able to withstand new loads, but external or downstream systems may experience a performance impact. A clear roll-back procedure must be established for exceptions to protect against impacting production functions.
8.6.2.2. Orchestration Workflow Execution Control in a vCloud
A vCloud is a dynamic environment where continuous changes are made to improve the quality of the services that run on it. Orchestration plays a key part in this agility, allowing for automated actions to be performed as required by vCloud. Orchestration Management focuses on vCloud impacts and maintains flexibility in the environment. VMware recommends control for the execution of orchestration workflows developed for vCloud, with error handling built into the workflows. If there are workflow execution issues, notifications need to be sent to the operations team with appropriate escalations and tiering for alerts.
8.6.2.3. Orchestration Management in Relation to Change Management
As orchestration matures, complex manual tasks are automated. Prior to implementation, workflows that will lead to changes in business services that directly impact users must be analyzed in detail. The Change Advisory Board (CAB) needs to preapprove actions on production applications. Additional controls might also be set to allow for notification back to the CAB on execution of critical, business-impacting orchestration workflows. This must be done in accordance with an organization's change control policies. Business impact should be the main driver for discussion between the orchestration team and CAB. Simple orchestration actions that impact vCloud internal background operations (for example, capacity-related actions), but which do not directly impact a business application or service, should be allowed more flexibility by the CAB and may not need approval.
8.6.2.4. Orchestration Management in Relation to Configuration Management
Orchestration can be used to provision new vApps in a vCloud. Orchestration Management needs to integrate with and provide status on new or updated configuration items to the Configuration Management System (CMS) to provide consistency. Also, the CMS can trigger auto scaling actions for vApps executed by an orchestration workflow to provide quality of service.
Another aspect of the relationship between orchestration and configuration management is the understanding of the physical layer that supports the vCloud environment. In mature implementations, orchestration can interact with the configuration management layer to identify gaps in the physical layer and remediate as needed to maintain environment stability (for example, adding new storage capacity).
8.6.2.5. Orchestration Management in Relation to Security
Services based on vCloud are focused on business users, enabling them to request new services directly via the service catalog. Orchestration is critical to such automation and should have an API to communicate with external systems. Orchestration adds flexibility in a vCloud. With flexibility comes a requirement to add controls so that there are no security risks or exposure for the organization. Because the orchestration workflows have access rights to multiple systems, the orchestration workflow code needs to be protected. Encryption controls such as Set Digital Rights management need to be enabled while moving workflow code packages within servers. Access to the orchestration servers must be limited. VMware recommends that the COE exclusively control and manage access on these servers.
8.6.2.6. Orchestration Management in Relation to Audit and Compliance
Orchestration workflows allow vCloud to be more dynamic. Automated actions enhance key vCloud functions such as provisioning and self-service. Although enhanced automation is highly beneficial, it poses a challenge to organizations that are bound by tight audit, regulatory, and compliance rules. VMware recommends that orchestration engines running the orchestration workflows be centralized within an organization, with centralized error handling and logging for all workflows. Reporting features that checkpoint all workflow actions must be enabled for audit compliance. Centralized orchestration engines also enhance an organization’s problem management and root-cause analysis capabilities.
Some of the recommended orchestration management principles cannot currently be fully automated and require manual configuration actions based on individual client needs. VMware continues to improve existing libraries, and as vCloud implementations mature, more packaged orchestrations with control and governance features should be available for clients to download.
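The controls from sections 8.6.2.1, 8.6.2.2, 8.6.2.3 and 8.6.2.6 can be combined in one execution wrapper, sketched here as an added example that is not VMware code or part of any vCloud product. It refuses workflows whose creation-control answers or CAB pre-approval are missing, checkpoints every action to a central log, and rolls back and raises a tiered alert on failure. All names, the tier labels and the sample workflow are hypothetical, and the hash chaining that makes the log tamper-evident is an addition beyond what the page describes.

```python
import hashlib
import json

ESCALATION = {"background": "ops-tier1", "business": "ops-tier2"}  # hypothetical tiers

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def checkpoint(log, workflow, step, status):
    """Append a record chained to the previous one (central audit log)."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = {"workflow": workflow, "step": step, "status": status, "prev": prev}
    log.append({**body, "hash": _digest(body)})

def verify(log):  # True only if no record was altered, removed or reordered
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(body):
            return False
        prev = rec["hash"]
    return True

def run_workflow(wf, log, alerts):
    """Gate on approvals, checkpoint every step, roll back and alert on failure."""
    missing = [k for k in ("approved_by", "reason", "impact", "notify") if not wf.get(k)]
    if missing or (wf["impact"] == "business" and not wf.get("cab_approved")):
        checkpoint(log, wf.get("name"), "gate", "rejected")
        return "rejected"
    done = []
    for step, action, undo in wf["steps"]:
        try:
            action()
        except Exception as exc:
            checkpoint(log, wf["name"], step, "failed: %s" % exc)
            for prior, prior_undo in reversed(done):  # undo in reverse order
                prior_undo()
                checkpoint(log, wf["name"], prior, "rolled_back")
            alerts.append((ESCALATION.get(wf["impact"], "ops-tier1"), wf["notify"], step))
            return "rolled_back"
        checkpoint(log, wf["name"], step, "ok")
        done.append((step, undo))
    checkpoint(log, wf["name"], "complete", "ok")
    return "completed"

# Constructed sample: the second step raises, so the first one is rolled back.
SAMPLE = {"name": "scale-out-vapp", "approved_by": "COE", "reason": "capacity",
          "impact": "background", "notify": "ops@example.invalid",
          "steps": [("clone", lambda: None, lambda: None),
                    ("attach", lambda: 1 / 0, lambda: None)]}
```
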